General

  • Target

    3e6aeb6796e5ec4772a805278cbb13210f0f7fb713b8e07e13114f82fa2227db

  • Size

    203KB

  • Sample

    220701-jbs88ahhgp

  • MD5

    7039d60e4bca54cc47e21bb17af3876c

  • SHA1

    28cb8f30be093b8ede43f923f6f57ded8fd09609

  • SHA256

    3e6aeb6796e5ec4772a805278cbb13210f0f7fb713b8e07e13114f82fa2227db

  • SHA512

    847a7413a86f40921308a402fcd649ef41341e4ce7d1881cd1f1c41f3fa01be875907098470cc731e5176e403ef929d278df5c3b0e597b77fadae826cfcf3f46

Malware Config

Extracted

Family

gozi_ifsb

Attributes
  • build

    215165

Extracted

Family

gozi_ifsb

Botnet

3162

C2

menehleibe.com

liemuteste.com

thulligend.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      3e6aeb6796e5ec4772a805278cbb13210f0f7fb713b8e07e13114f82fa2227db

    • Size

      203KB

    • MD5

      7039d60e4bca54cc47e21bb17af3876c

    • SHA1

      28cb8f30be093b8ede43f923f6f57ded8fd09609

    • SHA256

      3e6aeb6796e5ec4772a805278cbb13210f0f7fb713b8e07e13114f82fa2227db

    • SHA512

      847a7413a86f40921308a402fcd649ef41341e4ce7d1881cd1f1c41f3fa01be875907098470cc731e5176e403ef929d278df5c3b0e597b77fadae826cfcf3f46

MITRE ATT&CK Matrix

Tasks